Personal "Rough Notes & Useful Links


Lxc 1.0: Creating an Nginx & PHP Container

The below Development Web Server is intended for use with a Web Development Workstation using any 64bit Ubuntu 14.04LTS based Linux (I use Mint 17 Xfce) – with Lxc 1.0 installed & configured to use local DNS.

It should also be noted this container was created to provide (only) what is needed to install then work with DokuWiki.
Please Note: This document uses both the Command Shell and the Root Command Shell. That is why when Terminal Commands are given below, the command prompt that is expected (ending either in $ or #) is at the beginning of each line − so do not copy & paste that 1st character.

Create A 14.04LTS Ubuntu Cloud Container

  • The Ubuntu 14.04 LTS Container that I started from was created using the following command:
    $ sudo su
    # lxc-create -n 14lts64-nginx -t ubuntu-cloud -- -a amd64 -r trusty

    This produced the following output:

    ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query
    wget is /usr/bin/wget
    --2015-05-20 13:20:58--
    Resolving (, 2001:67c:1360:8001:ffff:ffff:ffff:fffe
    Connecting to (||:443... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: [following]
    --2015-05-20 13:20:59--
    Reusing existing connection to
    HTTP request sent, awaiting response... 200 OK
    Length: 186816043 (178M) [application/x-gzip]
    Saving to: ‘ubuntu-14.04-server-cloudimg-amd64-root.tar.gz’
    100%[==========================================================>] 186,816,043 1.02MB/s   in 2m 18s 
    2015-05-20 13:23:17 (1.29 MB/s) - ‘ubuntu-14.04-server-cloudimg-amd64-root.tar.gz’ saved [186816043/186816043]
    Extracting container rootfs
    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
    	LANGUAGE = "en_CA:en",
    	LC_ALL = (unset),
    	LANG = "en_CA.UTF-8"
        are supported and installed on your system.
    perl: warning: Falling back to the standard locale ("C").
    locale: Cannot set LC_CTYPE to default locale: No such file or directory
    locale: Cannot set LC_MESSAGES to default locale: No such file or directory
    locale: Cannot set LC_ALL to default locale: No such file or directory
    Current default time zone: 'America/Toronto'
    Local time is now:      Wed May 20 13:23:25 EDT 2015.
    Universal Time is now:  Wed May 20 17:23:25 UTC 2015.
    Container 14lts64-nginx created.
    # exit
  • The default user & password for this just created container will be ubuntu & ubuntu
  • Start this just created container & Log-in to it:
    $ sudo lxc-start -n 14lts64-nginx -d
    $ sudo lxc-console -n 14lts64-nginx
  • Change the default password for the ubuntu user:
    $ passwd
    • set the password to something else (and remember it).
    • logout & log back in to ensure the password was set correctly.
  • Install squid-deb-proxy-client & update the packages:
    $ sudo apt-get update
    $ sudo apt-get install squid-deb-proxy-client
    $ sudo apt-get upgrade
If this container were to be used on the Internet, then the one thing I absolutely would not do is install the Squid-Deb-Proxy-Client, which also installs the avahi libraries it needs to work.

Initial Install of Nginx

Nginx 1.8.0 is broken! So the below installs the previous stable version of Ubuntu Nginx (1.6.3) by using a different PPA.
  • install a current known working version of Nginx via a ppa:
    $ sudo add-apt-repository ppa:teward/nginx-1.6.3
    $ sudo apt-get update
    $ sudo apt-get install nginx

    which provided the following install information:

    The following NEW packages will be installed:
      fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
      libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4 libxslt1.1 nginx
      nginx-common nginx-full
    0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
    Need to get 2,784 kB of archives.
    After this operation, 9,037 kB of additional disk space will be used.
    Do you want to continue? [Y/n] 
  • Check the version is the current version from the PPA:
    $ nginx -v

    which produces the following output

    nginx version: nginx/1.6.3
  • In Chrome, entering the url http://14lts64-nginx.lxc/ produces a webpage like this:

  • Change the Nginx configuration file to more reasonable values for a Workstation Container:
    $ sudo nano /etc/nginx/nginx.conf

    Edit the following lines

    user www-data;
    worker_processes 4;
    pid /run/;

    to contain this:

    user www-data www-data;
    worker_processes 1;
    pid /run/;
  • Now restart the nginx service:
    $ sudo service nginx restart
  • Finally, create a “not the default” test file – to ensure Nginx is really working as expected:
    $ sudo nano /var/www/html/test.html     # copy the below into this empty file
    <h1>Test File</h1>
    <p>If this is on the screen, then test.html is working.</p>

Install & Configure PHP

  • install php5-fpm:
    $ sudo apt-get install php5-fpm php5-cli php5-gd php5-mcrypt php5-sqlite

    which provided the following install information:

    The following NEW packages will be installed:
      libmcrypt4 php5-cli php5-common php5-fpm php5-gd php5-json php5-mcrypt
      php5-readline php5-sqlite
    0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
    Need to get 4,973 kB of archives.
    After this operation, 20.4 MB of additional disk space will be used.
    Do you want to continue? [Y/n]
  • now configure php5-fpm:
    $ sudo nano /etc/php5/fpm/php.ini

    change this line in the file:


    to the following:

  • finally, restart the php5-fpm service:
    $ sudo service php5-fpm restart

Configure Nginx to use PHP-FPM

  • create the configuration file for an Nginx virtual server (14lts64-nginx) using php-fpm:
    $ sudo nano /etc/nginx/sites-available/virtual     # copy the below into this empty file
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # Generally, you will want to move this file somewhere, and start with a clean
    # file but keep this around for reference. Or just disable in sites-enabled.
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    # Default server configuration
    server {
            listen 80 default_server;
            listen [::]:80 default_server;
            # SSL configuration
            # listen 443 ssl default_server;
            # listen [::]:443 ssl default_server;
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            # include snippets/snakeoil.conf;
            root /var/www/html;
            # Add index.php to the list if you are using PHP
            index index.php index.html index.htm;
            server_name 14lts64-nginx.lxc;
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
            location ~ /\.ht {
                    # deny access to .htaccess files, if Apache's document root
                    # concurs with nginx's one
                    deny all;
            }
            # pass the PHP scripts to FastCGI server listening on
            location ~ \.php$ {
                    try_files $uri =404;
            #       # With php5-cgi alone:
            #       fastcgi_pass;
                    # With php5-fpm:
                    fastcgi_pass unix:/var/run/php5-fpm.sock;
                    fastcgi_index index.php;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    include fastcgi_params;
            }
    }
  • Remove the default configuration, and instead use the configuration for the virtual server
    $ sudo rm /etc/nginx/sites-enabled/default
    $ sudo ln -s /etc/nginx/sites-available/virtual /etc/nginx/sites-enabled
  • Now restart the nginx & php-fpm services:
    $ sudo service nginx restart
    $ sudo service php5-fpm restart
  • To test that .php pages are working, create a single line page to display the PHP info:
    $ sudo nano /var/www/html/index.php     # copy the below into this empty file
    <?php phpinfo(); ?>

Optional Additional Configurations

  • Add the default user ubuntu to the group www-data
    $ sudo usermod -a -G www-data ubuntu
  • Add the ssh Public/Private keys to use rsync or sftp to upload and download files directly to/from the Lxc Container.

Snapshot (snap0) of the "14lts64-nginx" Container

  • Stop 14lts64-nginx and take a snapshot of it:
    $ sudo su
    # lxc-stop -n 14lts64-nginx
    # echo 'Nginx w/ php-fpm just installed & configured' >snapshot-comment.txt
    # lxc-snapshot -n 14lts64-nginx -c snapshot-comment.txt     # output below
    lxc_container: Snapshot of directory-backed container requested.
    lxc_container: Making a copy-clone.  If you do want snapshots, then
    lxc_container: please create an aufs or overlayfs clone first, snapshot that
    lxc_container: and keep the original container pristine.
  • List the snapshots w/ any comments:
    # lxc-snapshot -n 14lts64-nginx -LC     # example output below
    snap0 (/var/lib/lxcsnaps/14lts64-nginx) 2015:05:20 16:18:19
    Nginx w/ php-fpm just installed & configured
  • now delete the text file created to hold the above comment:
    # rm snapshot-comment.txt
    # exit

Development Containers from this Preconfigured Container

The message output while making a snapshot of the 14lts64-nginx container is the “Executive Summary” for how this container should be used.
  • This container is now frozen and should never be used or logged into again! In fact, the only reason to have a snapshot of this container, is to enable putting it back to exactly the way it is now – should anything happen that changes this Lxc Container that has been Preconfigured with Nginx using php-fpm.
  • The lxc-clone command will now be used to create Development Containers using the Overlayfs – where only the changes made to this base/master/starting container are actually stored by the file-system for these cloned containers.
Overlayfs creates a single unified view of two separate directory trees. One directory tree is of the “lower” filesystem – such as the filesystem of a frozen Preconfigured Container – which is utilized in a read-only manner. The second directory tree is of the “upper” filesystem – such as the filesystem of a Development Container – which provides the read-write media.

As such, all changes are stored only in this “upper” filesystem. Any original (unchanged) version of the same file in the “lower” filesystem is then hidden simply because a changed “upper” version of that file exists … which works something like putting an “upper” playing card on top of a “lower” playing card. (Use a blank card on top to delete a file.)
  • As an example: the Summary Notes for DokuWiki in an Nginx & PHP Container use the following command to create the dokuwiki container, so that the DokuWiki package can then be installed & configured in this clone of the 14lts64-nginx container:
    #  lxc-clone -o 14lts64-nginx -n dokuwiki -B overlayfs -s
  • This use of the Overlayfs for Development Containers also enables truly useful Snapshots – where each snapshot also records only the changes that have been made.
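
The layering rule from the Overlayfs note above, as an added example that is not part of the original notes: a userspace model built from two ordinary directories (nothing is mounted, no root needed). The `.wh.` marker and the `ov_*` function names are assumptions of this model, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: userspace model of the overlay lookup rule; it mounts nothing.
# ASSUMPTION: a deletion is recorded as an empty marker ".wh.<name>" in the
# upper tree. The marker is this model's own stand-in for the "blank card".

# ov_resolve UPPER LOWER RELPATH -> print the backing file; fail if hidden/missing
ov_resolve() {
    d=$(dirname "$3"); b=$(basename "$3")
    if [ -e "$1/$d/.wh.$b" ]; then return 1; fi          # blank card on top
    if [ -f "$1/$3" ]; then echo "$1/$3"; return 0; fi   # upper hides lower
    if [ -f "$2/$3" ]; then echo "$2/$3"; return 0; fi   # fall through to lower
    return 1
}

# ov_write UPPER RELPATH TEXT -> every write lands in the upper tree only
ov_write() {
    mkdir -p "$1/$(dirname "$2")"
    rm -f "$1/$(dirname "$2")/.wh.$(basename "$2")"
    printf '%s\n' "$3" > "$1/$2"
}

# ov_delete UPPER RELPATH -> hide a file without touching the lower tree
ov_delete() {
    mkdir -p "$1/$(dirname "$2")"
    rm -f "$1/$2"
    : > "$1/$(dirname "$2")/.wh.$(basename "$2")"
}

# ov_demo -> build constructed trees in a temp dir and print three observations
ov_demo() {
    t=$(mktemp -d); lower="$t/base"; upper="$t/dev"
    mkdir -p "$lower/var/www/html" "$upper"
    echo '<h1>Test File</h1>' > "$lower/var/www/html/test.html"
    echo '<?php phpinfo(); ?>' > "$lower/var/www/html/index.php"
    before=$(cat "$lower/var/www/html/test.html")
    ov_write "$upper" var/www/html/test.html '<h1>Edited in clone</h1>'
    ov_delete "$upper" var/www/html/index.php
    cat "$(ov_resolve "$upper" "$lower" var/www/html/test.html)"
    ov_resolve "$upper" "$lower" var/www/html/index.php || echo "index.php: hidden"
    [ "$(cat "$lower/var/www/html/test.html")" = "$before" ] && echo "lower unchanged"
    rm -rf "$t"
}

ov_demo
```

Everything the clone changed or deleted lives under the upper directory, which is why a snapshot of an overlay clone only has to record that tree.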

Naming of Preconfigured Containers and Development Containers

To effectively implement the above, there needs to be some way to know which containers are the “Preconfigured Containers” and which containers are the “Development Containers”. I use the following container name hints to make this immediately obvious on my own Development Workstation:

for ext4 Filesystem Preconfigured Containers

  • In the above 14lts64 is how I designate any Ubuntu 14.04 LTS 64bit container. (I would use 12lts64 for Ubuntu 12.04 64bit)
  • Any Preconfigured Container – that I create Development Containers from – will always start with an OS designation.
  • These are the “frozen” ext4 filesystem based containers that should never be used.
  • The only reason to have one snapshot of a Preconfigured Container is to enable restoring it to exactly how it was “frozen”.

for overlayfs Development Containers

  • These are named using some combination of an Application (possibly with a version designation) and/or a Project or Site.
  • Development Containers never contain one of the (above) “frozen” OS designations anywhere in the container name.
  • These are the Overlayfs based containers that are “created & destroyed” to be “used & abused” for Development Work.
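
One way to make the naming rules above machine-checkable, as an added example rather than something from the original notes: it classifies container names and refuses to start a frozen Preconfigured Container. The `NNlts32|64` pattern is an assumption generalised from 14lts64 and 12lts64, and `safe_start`, `audit_names` and `LXC_START` are hypothetical names.

```sh
#!/bin/sh
# Added example: enforce the page's container naming convention.
# ASSUMPTION: an OS designation is two digits + "lts" + 32 or 64, generalised
# from the page's 14lts64 and 12lts64.
OS_TAG='[0-9]{2}lts(32|64)'

# classify_container NAME -> preconfigured | development | ambiguous
classify_container() {
    if printf '%s\n' "$1" | grep -Eq "^$OS_TAG"; then
        echo preconfigured      # frozen base: never start or log in
    elif printf '%s\n' "$1" | grep -Eq "$OS_TAG"; then
        echo ambiguous          # OS tag inside a development name breaks the rule
    else
        echo development
    fi
}

# audit_names: read one container name per line, print "kind<TAB>name"
audit_names() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\t%s\n' "$(classify_container "$name")" "$name"
    done
}

# safe_start NAME: hypothetical wrapper around "lxc-start -n NAME -d" (the
# command the page uses); set LXC_START to another command for a dry run.
safe_start() {
    kind=$(classify_container "$1")
    if [ "$kind" != development ]; then
        echo "refusing to start '$1' ($kind)" >&2
        return 1
    fi
    ${LXC_START:-lxc-start} -n "$1" -d
}

# Constructed sample names, not taken from a real host.
printf '%s\n' 14lts64-nginx dokuwiki dokuwiki-14lts64 | audit_names
```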
kb/linux/lts14lxcnginxphp.txt · Last modified: 2016/01/13 20:35 (external edit)